We have two sites with SSG-140s at both. Our main site has several different services running from a VIP to internal services. The second site is a failover site, and we plan to handle all the failover traffic via DNS and other means, but we have one service that is bound to a specific public IP that, during a maintenance failover, we want to forward from Site 1 to Site 2. Well aware that this does us no good in a true emergency, but it does allow us to run 98% of the site elsewhere and pull the servers down for maintenance and replacement with just the Juniper equipment running.
So, the goal is to have a policy that can be activated that will take traffic that normally is a VIP to an internal IP and forward it to an external IP at our Site 2. I would love for this part of the failover process to be as simple as check the box or be able to script to enable a policy via the terminal.
Questions - Can a VIP go to an external address? Making the VIP address an external IP does not seem to work in testing. I've also attempted an inter-zone nat-dest policy that seems to be ignored.
Alternatively, there is a VPN between these two locations. Can I route a VIP destination over the VPN? What would be involved?
Thanks
Pete